As people begin to use mobile computing devices more and more in their daily routine, the hardware and software associated with mobile computing devices is developed to be faster, more efficient, and with higher capabilities. One such development for mobile computing devices is the ability to store payment credentials for a transaction account on the mobile device, which can be used in place of a traditional credit card or other payment instrument when conducting a financial transaction. However, the storage of payment credentials directly associated with a transaction account in a mobile computing device can be dangerous, as such devices are highly susceptible to theft both direct (e.g., of the device itself) and indirect (e.g., remote access to the device and its memory). As such, methods for increasing the security of mobile computing devices while maintaining their utility as a payment instrument have been developed.
Once such method involves the use of a payment token in place of traditional payment details. A payment token is an electronic data set that includes credentials that may be used in a payment transaction in place of traditional payment credentials, which is uniquely associated to the mobile computing device to which the token is provisioned. Because the token is directly associated with the mobile computing device, theft of the token may be inconsequential to the user, since the token is unusable if not used in conjunction with the proper mobile computing device. Thus, the use of payment tokens can enable electronic payment transactions involving a mobile computing device with greater security without a sacrifice to efficiency or convenience.
However, the processes for provisioning a token to a mobile computing device often involve complicated authentication processes, to ensure that the user attempting to receive a token for a transaction account is authorized to access and use that transaction account. As a result, this may cause considerable difficulty for individuals that want to enable another to use their transaction account. For instance, a parent that wants to let their child use their transaction account must either let their child borrow their mobile computing device, or must provide their authentication information and other data suitable to have a new payment token generated and provisioned to the child's mobile computing device.
Thus, there is a need for a technical solution where a payment token for a transaction account can be distributed to a secondary mobile computing device, without the need for the secondary mobile computing device having to be fully authenticated using traditional provisioning processes if the secondary mobile device is a trusted device with the account holder. In such a solution, credentials for a transaction account may be shared more easily and efficiently, while still utilizing tokens to provide for greater account security. In addition, the use of a technological solution that also utilizes transaction controls can further ensure that the payment token shared by the account holder is subject to rules set forth by the account holder, to not only prevent fraud of their transaction account, but also misuse by the individual to whom the account was shared.